XML-Signature Interoperability [ ascii]
This document describes the interoperability requirements over features, operations, and requirements specified by the XML Signature Processing and Syntax specification of the IETF/W3C XML Signature WG as required by the charter. The minimum exit criteria for this implementation period is defined by the IETF RFC2026 Draft Standard semantic:
4.1.2 Draft Standard A specification from which at least two independent and interoperable implementations from different code bases have been developed, and for which sufficient successful operational experience has been obtained... For the purposes of this section, "interoperable" means to be functionally equivalent or interchangeable components of the system or process in which they are used.
Implementations must operate over the MANDATORY operations of the http://www.w3.org/2000/09/xmldsig# namespace as captured in the October 14 examples that tests various Canonicalization issues; and the August 10 examples that tests: detached, enveloped, envoloping, dsa, rsda, b64, and sha1 signatures..
The following information is the best assesment of the Editors/Chairs for the given dated specification and does not necessarily represent the latest state of any given implementation over this or later specifications. The following key applies: "Y"(implemented), "Y{1,2,*}"(interoperable with others in that Y{1,2,*} set), "N"(not implemented), ""(unkown).
| Feature (yellow designates interoperable examples exchanged) | Key Word | Baltimore | Done360 | IAIK | IBM | |
| Feature: Detached Signature | MUST | Y1 | Y1 |
Y1 |
||
Feature:
Enveloped Signature (requires: XPath selector that drops
SignatureValue) |
MUST | Y1 | Y1 |
Y1 |
||
| Feature: Enveloping Signature | MUST | Y1 | Y1 | Y1 | Y1 | |
|
MUST | Y1 | Y1 | Y1 | Y1 | |
Operation:
SignatureValue generation/validation |
MUST | Y1 | Y1 |
Y1 |
||
| Requirement: Signing parts of a document (document subsettting) | MUST | Y1 | Y1 | Y | Y1 | |
|
SHOULD | Y1 | Y1 | Y | Y1 | |
| Feature: KeyValue | MUST | Y1 | Y1 | Y1 | Y1 | |
Feature: laxly valid enforcement of
Signature element schema definition.. |
MUST | N | ||||
| Algorithm Type | Algorithm | Key Word | Baltimore | Done360 | IAIK | IBM |
| Digest | SHA1 | REQUIRED | Y1 | Y1 | Y1 | Y1 |
| Encoding | Base64 | REQUIRED | Y1 | Y1 | Y1 | Y1 |
| MAC | HMAC-SHA1 | REQUIRED | Y1 | Y1 | Y1 | Y1 |
| Signature | DSAwithSHA1 (DSS) |
REQUIRED | Y1 | Y1 | Y1 | Y1 |
| RSAwithSHA1 | RECOMMENDED | Y1 | Y1 | Y1 | Y1 | |
| Canonicalization | minimal | RECOMMENDED | N | N | N | N |
| Canonical XML (20001011) | REQUIRED | Y1 | Y1 | Y1 | Y1 | |
| Canonical XML with comments | RECOMMENDED | Y1 | Y1 | Y1 | Y1 | |
Last revised by Reagle $Date: 2001/04/05 21:43:23 $
=======